Analysis

  • max time kernel
    119s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 00:45

General

  • Target

    0caec696bc6e4c3ec0e92dc74e4f09a0N.exe

  • Size

    2.7MB

  • MD5

    0caec696bc6e4c3ec0e92dc74e4f09a0

  • SHA1

    1b168bd2025d4f1802c1d596296a75233b8549de

  • SHA256

    f677631d03e431394b7da511efc412db63619e7c46d1ab14e300dd9408055320

  • SHA512

    afcca9cb551274fcf893ef1b5684c1e57abbc78f4d9c8153d909f10fb1b4e74427c9c3278ceb301dac16b93b0c95e512d9ceb857219e55436ff3b366864c7774

  • SSDEEP

    49152:+R0p8xHycIq+GI27nGroMPTJPer1c2HSjpjK3LBZ9w4S+:+R0pI/IQlUoMPdmpSph4X

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0caec696bc6e4c3ec0e92dc74e4f09a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0caec696bc6e4c3ec0e92dc74e4f09a0N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\AdobeCA\adobec.exe
      C:\AdobeCA\adobec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4440

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\AdobeCA\adobec.exe

    Filesize

    2.7MB

    MD5

    36fe3a5248d20af6926d9ff0aadda408

    SHA1

    99a716d7ba77955d778765f978996a1f3ea1270c

    SHA256

    fcf94e2c1c401bb369b2a594ec573b2d0de166ce98884f534ab91311f8e9f0e1

    SHA512

    4df547e0df8bfc388fb3a34999e6181d4b18fea573ad1fc38f0b4cb180d153a6c0e95fb12f9c8531350f5c94f12ce84890f0a4511069e94f247d1323af6b72b3

  • C:\KaVBJI\optixsys.exe

    Filesize

    2.7MB

    MD5

    f39f33fb0918b9531cb8da30e6df1a55

    SHA1

    453a435959132b7ae03f17b1187530a6511d1c10

    SHA256

    d39eb5b4a5090ab9bf2fcd939097fce5d138e582bcf1ebb5f8eec60da91542fa

    SHA512

    1a5accfd11669f83605bcf6277b9920bd38377e3cc7d04f068979465d942dfbccc4f40f9d5602509e2131aa0cc2c480cbbb2e135edd38a74f8b99570a139c84a

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    203B

    MD5

    1cfd9386da7c0940e579ae6cd6beb8b0

    SHA1

    a50f6c446aa0dd0b91fb01e39e201804eb7af803

    SHA256

    22746510b3e906fb952c8413f6bde349d615339d252fcac4226b21deb3a9019b

    SHA512

    2678bf92e95fe58be2db0e7215f5e6b02802c574d02e953fc74005df35d83ebe0cebd93851b8218570529f4e6711cb57427487dfda2c06d8aff051df8b58d50c